Managing user access to Pexip Control Center

Pexip Control Center (PCC) is the platform we're developing to bring the admin and analytics tasks for all users — distributors, partners, company admins and users — into one place. Over time it will replace Pexip Analytics, the Partner Portal and some features of the Pexip apps.

Compared to the existing tools PCC allows more granularity in terms of what users have access to, and more flexibility in terms of who can configure access. In this way it enables users to be given the appropriate level of access for their job. It also puts distributor, partner, and company staff in control of access for their own users.

The process starts with Pexip granting roles to selected distributor/partner users who become "access managers" for their business. Access could then be granted as follows, for example:

  • those access managers can configure roles for their colleagues based on the customers their colleagues work with, and
  • in turn, those colleagues can grant access to company administrators within the customer companies they work with, and lastly
  • those company administrators can grant access as required to their own users.

In this article we help distributor and partner users grant roles to others.

Please note all users need an active Pexip Control Center User License before they can access PCC (legacy EUL users also have access). For general information about PCC, see What is Pexip Control Center?

First it helps to understand what roles are and what you can do when granting roles to others.

Understanding roles

Roles are used to determine what a user can do and for which organizations.

  • Admin role:

    • gives the user read access to data
    • allows the user to launch the Activate Endpoint app to activate (sometimes referred to as provisioning) compatible hardware video endpoints one at a time. See our documentation here.
  • Access Admin role gives the user the ability to grant roles to other users.

  • Admin (legacy) role provides the same access as the Admin role but is automatically assigned by the system to:

    • users whose company administrator role was granted via the Partner Portal or the Pexip apps, both for customer companies and your internal company, and to
    • users who manage team rooms.

      • To revoke or grant the Admin (legacy) role, the user's access must be changed using the Partner Portal or the Pexip apps.

  • OTJ Admin role gives the user the ability to view and edit the One-Touch Join settings for a company (if they also have the Admin role for that company), and to enable One-Touch Join for individual video systems.
  • OTJ Viewer role gives the user the ability to view (but not edit) the One-Touch Join settings for a company (if they also have the Admin role for that company), and to view (but not edit or download the macro for) the One-Touch Join settings for individual video systems.
  • All users with a Pexip Control Center User License can log in and view their own personal usage and account details. Please note when viewing such users via the Users page you don't see a role in the Roles column.

What users with Access Admin role can do

As a user with Access Admin role, you can grant roles to other users:

  • You can assign any of the roles you have, and for any of the organizations you have access to.
  • You can grant a user the equivalent or less access than you have yourself, but you cannot give them more access than you have yourself.

To grant a role to a user, you need:

  • Admin role for the company to which the user is subscribed. This enables you to view the user's company.
  • Access Admin role for the company to which the user is subscribed.
  • Admin role for the target organization. When granting a role, the drop down list only contains the organizations for which you have Admin role.
  • Access Admin role for the target organization.

Finding the Roles page

To go to the user's Roles page:

  1. Use the Overview page to find the company where the user is subscribed.
  2. Go to the Users page to find the user you want to edit, open the menu on the right and select Edit roles.

    (If you don't see the option to edit roles, i.e. you can only view the current roles, it means you don't have the Access Admin role for the company whose users you're viewing.)

From the Roles page you can configure a user's roles, see:

Changing the roles a user has for their main organization

A user's main organization is the company where they are subscribed. For distributor and partner users this is their internal company.

This feature is used to give roles to users who need to view their own company's data (Overview, Analytics, Users, Video systems and so on), or need to assign roles to staff within their own company. The feature is typically used by:

  • partners to give Access Admin roles to company administrators for their own company, and
  • company administrators to give Admin, and/or Access Admin roles to users within their company.

These steps show you how to change the roles a user has for their own company:

  1. Go to the Roles page for the user you want to edit.
  2. Select the Roles drop down and you see the roles the user currently has.
  3. Check a selection to add a role or uncheck a selection to remove a role.
  4. Select Apply changes.
  5. There are no automatic email notifications, thus you need to let the user know about their new role.

That's it!

Giving a user a role for another organization

This feature is used to grant a user access to an organization other than the user's subscribed company, and is used by:

  • Authorized Pexip staff to assign Admin and Access Admin roles to selected distributor/partner staff.

  • Distributor/partner staff to give other staff members access. We strongly recommend:

    • giving the majority of staff access only to the specific companies they are responsible for, so that the role assignee can support their customers, and
    • limiting access for distributor and partner organizations to as few users as possible for the purpose of data analysis via the distributor or partner Overview and Analysis pages.

Recommendations for choosing the right target organization

Important: always grant an appropriate level of access, and take care to select the right organization to avoid providing unauthorized access to data.

Giving a user access to a company type organization grants access to the company only.

We strongly recommend this for the majority of users for the purposes of supporting customers, and for managing your own internal company.

Giving a user access to a partner type organization gives the user access to all the companies below the partner, as well as the partner itself.

We strongly recommend limiting this to as few users as possible for the purposes of data analysis at partner level only.

Giving a user access to a distributor type organization gives the user access to all the partners below the distributor, and all the companies below the partners, as well as the distributor itself.

We strongly recommend limiting this to as few users as possible for the purposes of data analysis at distributor level only.

A user can be granted access to two or more individual companies that are managed by separate partners or distributors.

As in all cases, the person granting access must have the Admin Access role for that particular entity.

How to give someone a role for another organization

The steps below show you how to give someone a role to an organization other than the user's company.

The person granting access must have the Admin Access role for the target entity.

Before making the role assignment, read the guidance about which target organization to choose.

  1. From the top-right corner, select , then you see the controls for adding a role assignment.
  2. Select the Organization drop down and you see a list.
  3. Use the arrow to the right of a name to see partners/companies supported by the organization.
  4. Use the arrow to the left of a name to go back.
  5. Click an organization name at any level to select it as a target organization.
  6. After choosing an organization, select the Access roles drop down.
  7. Use the check box to select the required roles.
  8. Check the configuration is as you want it, and when ready select Submit.
  9. There are no automatic email notifications, thus you need to let the user know about their new role.

Editing or removing the roles a user has for another organization

First, go to the Roles page.

From the section called Direct roles, select Edit next to the role assignment you want to change.

To change a user's roles for a target organization, click on the Access Roles drop down and use the check boxes.

To remove a role assignment completely — all roles for the target organization — select the menu and choose Remove.

Access logs

In Settings > Access logs, you can view information about the changes made by users in the PCC. The log data includes:

  • Local Time: The time according to your device when the change was made or attempted.
  • Event: The event or change that was made by the user.
  • Device/Browser: The device and browser used to make the change.
  • User: The user who made the change.
  • IP address: The IP address of the user's device.
  • Status: Whether the change was successful or failed.

By default, the last 90 days of logs are shown but you can adjust the time range from the drop down.